Was? Infected with Personal Protection malware


  • This topic is locked
10 replies to this topic

#1 rglove

Posted 03 July 2010 - 04:35 PM

My computer was infected with Personal Protection malware and it could not be completely removed by my anti-malware software, CA California Associates Security Suite. The technician at CA informed me that a root kit was on my machine and advised me to run ComboFix after he noticed some entries in the GMER log with filenames including the characters atapi...for example atapi.sys. He said he could not run the third party software combofix for me, so I followed the instructions and ran it. While running combofix it stated that a root kit was detected and then rebooted my machine and continued the scan. I have attached the resulting log.txt file. I then ran GMER again and did not appear to have the atapi files anymore, but was informed in a pop up window "WARNING!!! GMER has found system modifications caused by ROOTKIT activity." The combofix instructions stated that I should post the logs at one of these forums.

I then proceeded to follow the instructions, Preparation Guide For Use Before Using Malware removal Tools and Requesting Help, although I already ran combofix as advised by the CA technician. I would like someone to look at the logs I created after running combofix and let me know what else needs to be done to clean this computer. Thank you very much.


DDS (Ver_10-03-17.01) - NTFSx86
Run by The Love's at 14:54:38.20 on Sat 07/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1441 [GMT -4:00]

FW: CA Personal Firewall *disabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft IntelliPoint\Point32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\The Love's\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.thewavecaster.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08d8 -f video -m logitech -d 10.5.1.2023
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\roadru~1.lnk - c:\windows\installer\{8c92f717-6af8-445c-a5ee-0570c864365e}\_4E67E20696D9AD37E90475.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} - hxxp://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: c:\windows\system32\UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thelov~1\applic~1\mozilla\firefox\profiles\k5292ue8.default\
FF - prefs.js: browser.startup.homepage - hxxp://thewavecaster.com/home.php
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-6-8 108024]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-12-23 78840]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-9-2 53240]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-6-8 115704]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-6-14 206160]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-8-14 145912]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2009-9-30 60920]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 887288]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-7-13 760664]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-7-27 227832]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-6-11 87936]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 239608]
S2 gupdate1c9d33a84ba9d9a;Google Update Service (gupdate1c9d33a84ba9d9a);c:\program files\google\update\GoogleUpdate.exe [2009-5-12 133104]

=============== Created Last 30 ================

2010-07-03 18:37:30 0 ----a-w- c:\documents and settings\the love's\defogger_reenable
2010-07-03 17:18:16 0 d-sha-r- C:\cmdcons
2010-07-03 17:14:10 98816 ----a-w- c:\windows\sed.exe
2010-07-03 17:14:10 77312 ----a-w- c:\windows\MBR.exe
2010-07-03 17:14:10 256512 ----a-w- c:\windows\PEV.exe
2010-07-03 17:14:10 161792 ----a-w- c:\windows\SWREG.exe
2010-06-23 01:18:49 31752 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-06-23 01:18:37 363520 ----a-w- C:\rkill.exe
2010-06-23 01:18:19 177928 ----a-w- C:\TDSSKiller.exe
2010-06-23 00:24:18 0 d-----w- c:\program files\CleanUp!
2010-06-15 21:54:30 0 d-----w- c:\program files\common files\supportsoft
2010-06-14 22:58:58 95472 ----a-w- c:\windows\system32\Vetredir.dll
2010-06-14 22:58:58 201968 ----a-w- c:\windows\system32\Isafprod.dll
2010-06-14 22:58:58 128240 ----a-w- c:\windows\system32\Isafeif.dll
2010-06-14 22:58:31 0 d-----w- c:\windows\rnapxs
2010-06-14 22:56:25 0 d-----w- c:\program files\CA
2010-06-14 22:46:50 0 d-----w- c:\docume~1\alluse~1\applic~1\CA-SupportBridge
2010-06-13 06:12:24 0 d-----w- c:\docume~1\alluse~1\applic~1\CA
2010-06-13 03:43:51 0 d-----w- c:\docume~1\thelov~1\applic~1\RoadRunner
2010-06-13 03:43:43 0 d-----w- c:\program files\RoadRunner
2010-06-13 03:31:19 90112 ----a-w- c:\windows\system32\Rdesciph.dll
2010-06-13 03:31:19 69632 ----a-w- c:\windows\system32\HASHciph.dll
2010-06-13 03:31:19 647872 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2010-06-13 03:31:19 44544 ----a-w- c:\windows\system32\gif89.dll
2010-06-13 03:31:19 427864 ----a-w- c:\windows\system32\XceedZip.dll
2010-06-13 03:31:19 368912 ----a-w- c:\windows\system32\vbar332.dll
2010-06-13 03:31:19 200704 ----a-w- c:\windows\system32\THREED32.OCX
2010-06-13 03:31:19 193592 ----a-w- c:\windows\system32\CSFTP32.OCX
2010-06-13 03:31:19 167936 ----a-w- c:\windows\system32\ccrpftv6.ocx
2010-06-13 03:31:18 0 d-----w- c:\program files\Safe Storage
2010-06-09 00:31:09 0 d-----w- c:\windows\system32\NtmsData

==================== Find3M ====================

2010-04-12 21:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2008-08-24 19:41:20 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082420080825\index.dat

============= FINISH: 14:55:06.46 ===============


#2 Elise

Posted 07 July 2010 - 06:31 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#3 rglove


Posted 08 July 2010 - 07:53 PM

Hello Elise,
Thank you for responding. In addition to the info I wrote in my first post, I will say that the problems I was having (i.e. websites re-directing themselves to other websites etc) seemed to be fixed after I ran combo fix as mentioned in my first post, but I am still unsure if I can trust my machine (i.e. bank account, entering credit card number etc), especially because of the root kit detection and registry messages I have received while running some of these scans (see first post). I was told that I should re-format my computer, but I would need to research to figure out how to do that, and I am concerned about the effort it would take to set everything up again.
Anyway, I hope you can advise as to:
1. Is my computer really clean now?
2. What can I do to fix it?
3. Is re-formatting what really should be done?
I ran the reports you requested and have posted them below. Note: I will attach the gmer.log in another post because it will not fit in this post.
Thank you very much
Rodney

OTL logfile created on: 7/7/2010 6:03:56 PM - Run 1
OTL by OldTimer - Version 3.2.8.0 Folder = C:\Documents and Settings\The Love's\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 52.15 Gb Free Space | 70.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: The Love's
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/07 18:02:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Love's\Desktop\OTL.exe
PRC - [2010/04/09 02:04:12 | 001,721,680 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
PRC - [2010/04/06 08:12:24 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2010/04/06 08:12:22 | 000,251,216 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/04/06 08:12:10 | 001,103,184 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
PRC - [2009/08/04 10:42:18 | 000,887,288 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2009/07/31 16:30:14 | 000,150,008 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
PRC - [2009/07/27 15:40:44 | 000,227,832 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2009/07/13 10:39:14 | 000,760,664 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2009/02/09 10:31:56 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2009/01/19 09:37:10 | 001,150,976 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/10/24 12:44:34 | 000,872,448 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008/07/10 00:07:00 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/12 12:08:02 | 001,867,776 | ---- | M] (Online Backup) -- C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe
PRC - [2006/06/26 10:34:58 | 000,166,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\QuickCam10\COCIManager.exe
PRC - [2006/06/26 10:34:40 | 000,614,960 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/06/26 10:33:32 | 000,243,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/06/26 09:46:04 | 000,497,200 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
PRC - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2005/10/07 07:13:38 | 000,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/07/27 09:41:08 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2005/03/23 19:26:09 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2004/10/30 15:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/09 22:16:57 | 000,053,248 | ---- | M] (Alcor Micro, Corp.) -- C:\WINDOWS\system32\DrvMon.exe
PRC - [2004/09/07 17:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 17:02:04 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/06/28 16:56:12 | 000,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2004/04/01 19:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\BAsfIpM.exe
PRC - [2003/10/29 04:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/07/07 18:02:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Love's\Desktop\OTL.exe
MOD - [2009/07/01 10:55:58 | 000,113,144 | ---- | M] (CA) -- C:\WINDOWS\system32\UmxSbxExw.dll
MOD - [2009/04/01 09:45:50 | 000,272,888 | ---- | M] (CA) -- C:\WINDOWS\system32\UmxSbxw.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/06/26 10:33:42 | 000,091,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 10:03:12 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/04/06 08:12:24 | 000,206,160 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2010/04/06 08:12:22 | 000,251,216 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2009/08/04 10:42:18 | 000,887,288 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2009/07/31 16:30:14 | 000,150,008 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp)
SRV - [2009/07/27 15:40:44 | 000,227,832 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2009/07/13 10:39:14 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/02/06 18:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/04/06 15:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2004/09/07 17:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 17:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 17:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2004/04/01 19:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\system32\BAsfIpM.exe -- (BAsfIpM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LMouKE.Sys -- (LMouKE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\LHidUsbK.Sys -- (LHidUsbK)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\THELOV~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/12/23 11:29:36 | 000,078,840 | ---- | M] (CA) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/09/30 16:51:00 | 000,239,608 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2009/09/30 16:51:00 | 000,060,920 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2009/09/02 17:29:58 | 000,053,240 | ---- | M] (CA) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2009/08/14 11:43:50 | 000,145,912 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2009/06/08 10:02:04 | 000,115,704 | ---- | M] (CA) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\KmxFw.sys -- (KmxFw)
DRV - [2009/06/08 10:02:02 | 000,108,024 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys -- (KmxStart)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/04/09 09:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 09:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 09:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007/02/06 18:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/03 11:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/03 11:27:28 | 000,938,272 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/02/03 11:27:16 | 000,014,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/06/26 10:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 10:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2005/09/28 13:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/31 17:46:26 | 000,087,936 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/05/13 03:46:20 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/10 23:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/12/06 02:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 02:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 02:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 02:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 02:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 02:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 02:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 02:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 02:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 04:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 03:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/10/21 21:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/09/03 05:23:38 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/31 09:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/12 09:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 12:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 12:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/17 21:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 21:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 21:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/04/24 17:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BASFND.sys -- (BASFND)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.thewavecaster.com/
IE - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 1E 9D AB 59 12 CB 01 [binary data]
IE - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://thewavecaster.com/home.php"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.0.20090922023629
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e9259cba-e7ad-4f74-863f-ef9fe935394d}:1.2.1.24
FF - prefs.js..extensions.enabledItems: {8b02914c-4e6b-4410-90e1-1a2b1b69b12d}:1.2.1.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 13:31:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/10 19:28:15 | 000,000,000 | ---D | M]

[2009/12/06 23:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Love's\Application Data\Mozilla\Extensions
[2010/06/22 21:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\The Love's\Application Data\Mozilla\Firefox\Profiles\k5292ue8.default\extensions
[2009/12/06 23:28:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\The Love's\Application Data\Mozilla\Firefox\Profiles\k5292ue8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/22 21:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/10 19:28:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/03 13:33:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2773594046-911203158-3687391158-1005..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe (Alcor Micro, Corp.)
O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d8 -f video -m logitech -d 10.5.1.2023 File not found
O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08d8 -f video -m logitech -d 10.5.1.2023 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Road Runner Safe Storage.lnk = C:\WINDOWS\Installer\{8C92F717-6AF8-445C-A5EE-0570C864365E}\_4E67E20696D9AD37E90475.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2773594046-911203158-3687391158-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} http://download.zonelabs.com/bin/free/cm/ICSCM_ca.cab (ICSScannerLight Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\UmxSbxExw.dll) - C:\WINDOWS\system32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O24 - Desktop WallPaper: C:\Documents and Settings\The Love's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Love's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/07 18:02:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Love's\Desktop\OTL.exe
[2010/07/03 16:00:02 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/07/03 15:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Love's\Desktop\gmer
[2010/07/03 15:20:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/03 13:18:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/03 13:14:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/03 13:14:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/03 13:14:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/03 13:14:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/03 13:13:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/03 13:12:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/22 21:18:49 | 000,031,752 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2010/06/22 21:18:19 | 000,177,928 | ---- | C] (Kaspersky Lab) -- C:\TDSSKiller.exe
[2010/06/22 20:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2010/06/22 20:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Love's\Desktop\CA_tools
[2010/06/15 17:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2010/06/15 07:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Love's\Local Settings\Application Data\Qurb4
[2010/06/15 07:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Love's\Local Settings\Application Data\Qurb3
[2010/06/14 18:58:58 | 000,201,968 | ---- | C] (CA, Inc.) -- C:\WINDOWS\System32\Isafprod.dll
[2010/06/14 18:58:58 | 000,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\Isafeif.dll
[2010/06/14 18:58:58 | 000,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\WINDOWS\System32\Vetredir.dll
[2010/06/14 18:58:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\rnapxs
[2010/06/14 18:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\CA
[2010/06/14 18:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2010/06/13 02:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/06/12 23:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Love's\Application Data\RoadRunner
[2010/06/12 23:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\RoadRunner
[2010/06/12 23:31:19 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2010/06/12 23:31:19 | 000,427,864 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\WINDOWS\System32\XceedZip.dll
[2010/06/12 23:31:19 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2010/06/12 23:31:19 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\THREED32.OCX
[2010/06/12 23:31:19 | 000,193,592 | ---- | C] (Catalyst Development Corporation) -- C:\WINDOWS\System32\CSFTP32.OCX
[2010/06/12 23:31:19 | 000,167,936 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\WINDOWS\System32\ccrpftv6.ocx
[2010/06/12 23:31:19 | 000,090,112 | ---- | C] (Bokler Software Corp.) -- C:\WINDOWS\System32\Rdesciph.dll
[2010/06/12 23:31:19 | 000,069,632 | ---- | C] (Bokler Software Corp.) -- C:\WINDOWS\System32\HASHciph.dll
[2010/06/12 23:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Safe Storage
[2010/06/08 20:31:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/07 18:02:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Love's\Desktop\OTL.exe
[2010/07/07 14:18:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/06 13:08:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/05 18:18:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/05 07:25:24 | 000,002,407 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Road Runner Safe Storage.lnk
[2010/07/05 07:24:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/05 07:24:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/05 07:24:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/05 07:24:12 | 2146,914,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/05 07:24:12 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/04 07:26:53 | 000,853,987 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/07/04 07:26:53 | 000,069,484 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/07/04 07:26:53 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/07/04 07:26:53 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/07/04 07:26:53 | 000,000,289 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/07/04 07:26:53 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/07/04 07:26:53 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/07/04 07:26:53 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/07/04 07:26:53 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/07/04 07:26:53 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/07/04 07:26:53 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/07/04 07:26:53 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/07/04 07:26:53 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/07/04 07:26:53 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/07/04 07:26:53 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/07/04 07:26:53 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/07/04 07:26:53 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/07/04 07:26:14 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/04 07:25:40 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\The Love's\ntuser.dat
[2010/07/04 07:25:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\The Love's\ntuser.ini
[2010/07/03 17:28:55 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\The Love's\Desktop\malware.doc
[2010/07/03 15:19:18 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\The Love's\Desktop\gmer.zip
[2010/07/03 14:53:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\The Love's\Desktop\dds.scr
[2010/07/03 14:37:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\The Love's\defogger_reenable
[2010/07/03 14:36:06 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\The Love's\Desktop\Defogger.exe
[2010/07/03 13:33:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/03 13:33:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/03 13:18:25 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/07/03 12:37:39 | 003,725,496 | R--- | M] () -- C:\Documents and Settings\The Love's\Desktop\ComboFix.exe
[2010/06/27 18:28:36 | 000,000,791 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2010/06/22 21:19:02 | 000,363,520 | ---- | M] () -- C:\rkill.exe
[2010/06/22 21:18:49 | 000,031,752 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2010/06/22 21:18:34 | 000,177,928 | ---- | M] (Kaspersky Lab) -- C:\TDSSKiller.exe
[2010/06/21 19:36:10 | 000,002,401 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Road Runner Safe Storage.lnk
[2010/06/20 11:59:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/14 18:58:24 | 000,001,811 | ---- | M] () -- C:\Documents and Settings\The Love's\Desktop\CA Security Center.lnk
[2010/06/13 02:41:07 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\The Love's\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/12 23:55:31 | 000,104,448 | ---- | M] () -- C:\Documents and Settings\The Love's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/03 17:16:13 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\The Love's\Desktop\malware.doc
[2010/07/03 14:53:06 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\The Love's\Desktop\dds.scr
[2010/07/03 14:52:41 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\The Love's\Desktop\gmer.zip
[2010/07/03 14:37:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\The Love's\defogger_reenable
[2010/07/03 14:36:06 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\The Love's\Desktop\Defogger.exe
[2010/07/03 13:18:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/07/03 13:18:19 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/03 13:14:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/03 13:14:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/03 13:14:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/03 13:14:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/03 13:14:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/03 12:37:35 | 003,725,496 | R--- | C] () -- C:\Documents and Settings\The Love's\Desktop\ComboFix.exe
[2010/06/22 21:18:37 | 000,363,520 | ---- | C] () -- C:\rkill.exe
[2010/06/15 17:33:27 | 000,001,811 | ---- | C] () -- C:\Documents and Settings\The Love's\Desktop\CA Security Center.lnk
[2010/06/14 22:04:53 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2010/06/14 22:04:53 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2010/06/14 22:04:53 | 000,000,289 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2010/06/14 22:04:53 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2010/06/14 22:04:53 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2010/06/14 22:04:53 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2010/06/14 22:04:53 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2010/06/14 22:04:53 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2010/06/14 22:04:53 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2010/06/14 22:04:53 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2010/06/14 22:04:53 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2010/06/14 22:04:53 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2010/06/14 22:04:53 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2010/06/14 22:04:53 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2010/06/14 22:04:52 | 000,853,987 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2010/06/14 22:04:52 | 000,069,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2010/06/14 22:04:52 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2010/06/13 02:41:07 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\The Love's\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/12 23:31:20 | 000,002,407 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Road Runner Safe Storage.lnk
[2010/06/12 23:31:20 | 000,002,401 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Road Runner Safe Storage.lnk
[2010/06/12 23:31:19 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
[2010/05/12 03:04:23 | 000,000,173 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/30 20:52:17 | 000,000,955 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/01/30 20:52:17 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/01/30 20:51:55 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/01/30 20:51:01 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/01/30 20:50:59 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/01/30 20:43:08 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/02/21 21:22:37 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/09/24 12:53:42 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/09/24 12:52:37 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2006/09/24 12:52:22 | 000,000,228 | ---- | C] () -- C:\WINDOWS\HP_ISRegionListUpdatelog_HPSU.ini
[2006/09/24 12:52:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/09/24 12:52:03 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2006/09/24 12:49:32 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/09/24 12:47:02 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/07/23 19:26:28 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2006/07/23 16:40:24 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/07/23 16:39:53 | 000,000,167 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/07/23 16:36:37 | 000,000,735 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2006/07/10 20:55:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/06/27 20:16:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/06/11 23:19:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/11 23:17:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/11 22:58:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2006/06/11 22:57:46 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:57:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >

OTL Extras logfile created on: 7/7/2010 6:03:56 PM - Run 1
OTL by OldTimer - Version 3.2.8.0 Folder = C:\Documents and Settings\The Love's\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 52.15 Gb Free Space | 70.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: The Love's
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2773594046-911203158-3687391158-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Brother\Brmfl08l\FAXRX.exe" = C:\Program Files\Brother\Brmfl08l\FAXRX.exe:*:Disabled:PC-FAX Receive -- (Brother Industries Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite MFC-495CW
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20292BBB-C7D7-4526-9E38-42C4A5C2A3A6}" = H&R Block Deluxe + Efile 2009
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.3
"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"{2681A52E-FCFA-4982-A030-7B652BDD346C}" = CA Personal Firewall
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FE1E97D-B93B-4817-8BC2-19C0347F4DB4}" = O2Micro Smartcard Driver
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C92F717-6AF8-445C-A5EE-0570C864365E}" = Road Runner Safe Storage
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C7DACB79-D0BE-477B-B63F-4BBF33F39B7A}" = TWC Client ActiveX Controls
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{D81FBA6E-5492-4C46-BAE3-3A9242C27210}" = TaxCut Basic + Efile 2008
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"eTrust Suite Personal" = CA Internet Security Suite
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IncrediMail Xe" = IncrediMail Xe
"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2
"InstallShield_{7FE1E97D-B93B-4817-8BC2-19C0347F4DB4}" = O2Micro Smartcard Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"Road Runner Safe Storage" = Road Runner Safe Storage
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2773594046-911203158-3687391158-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2010 11:27:18 AM | Computer Name = LAPTOP | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/07/07 11:27:18.500]: [00001996]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.103]

Error - 7/7/2010 11:28:38 AM | Computer Name = LAPTOP | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/07/07 11:28:38.781]: [00001996]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.103]

Error - 7/7/2010 1:03:37 PM | Computer Name = LAPTOP | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/07/07 13:03:37.593]: [00001996]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.103]

Error - 7/7/2010 1:58:28 PM | Computer Name = LAPTOP | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/07/07 13:58:28.093]: [00001996]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.103]

Error - 7/7/2010 1:58:28 PM | Computer Name = LAPTOP | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/07/07 13:58:28.187]: [00001996]: GetDeviceIpAddress:
GetAddressByName [BRW0C607653A91D] Error

Error - 7/7/2010 1:58:37 PM | Computer Name = LAPTOP | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/07/07 13:58:37.203]: [00001996]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.103]

Error - 7/7/2010 5:43:05 PM | Computer Name = LAPTOP | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/07/07 17:43:05.062]: [00001996]: GetDeviceIpAddress:
GetAddressByName [BRW0C607653A91D] Error

Error - 7/7/2010 5:43:14 PM | Computer Name = LAPTOP | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/07/07 17:43:14.078]: [00001996]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.103]

Error - 7/7/2010 5:43:23 PM | Computer Name = LAPTOP | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/07/07 17:43:23.140]: [00001996]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.103]

Error - 7/7/2010 5:54:09 PM | Computer Name = LAPTOP | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2010/07/07 17:54:09.375]: [00001996]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.1.103]

[ System Events ]
Error - 7/3/2010 1:01:57 PM | Computer Name = LAPTOP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/3/2010 1:01:57 PM | Computer Name = LAPTOP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/3/2010 1:02:04 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7003
Description = The Spectrum24 Event Monitor service depends on the following nonexistent
service: EvtEng

Error - 7/3/2010 1:02:04 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7003
Description = The WLANKEEPER service depends on the following nonexistent service:
EvtEng

Error - 7/3/2010 1:12:02 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Logitech Process Monitor service terminated unexpectedly. It
has done this 1 time(s).

Error - 7/3/2010 1:24:04 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7003
Description = The Spectrum24 Event Monitor service depends on the following nonexistent
service: EvtEng

Error - 7/3/2010 1:24:04 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7003
Description = The WLANKEEPER service depends on the following nonexistent service:
EvtEng

Error - 7/3/2010 1:24:26 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Logitech Process Monitor service terminated unexpectedly. It
has done this 1 time(s).

Error - 7/5/2010 7:24:39 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7003
Description = The Spectrum24 Event Monitor service depends on the following nonexistent
service: EvtEng

Error - 7/5/2010 7:24:39 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7003
Description = The WLANKEEPER service depends on the following nonexistent service:
EvtEng


< End of report >





#4 rglove

Posted 08 July 2010 - 08:18 PM

I had to split the gmer.log into three posts because of file size.
1st part of gmer.log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-07 20:52:35
Windows 5.1.2600 Service Pack 3
Running: 1ucdv2ox.exe; Driver: C:\DOCUME~1\THELOV~1\LOCALS~1\Temp\uxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xAE369FC9] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xAE36AE96] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xAE36B1E7] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xAE369F2D] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xAE36ABBB] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xB0C267B0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xAE36AFC3] <-- ROOTKIT !!!

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!VirtualProtectEx + 2 7C801A63 10 Bytes JMP 5FF3D22C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!VirtualProtect + 2 7C801AD6 6 Bytes JMP 5FF3D348 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!TerminateProcess + 2 7C801E1C 7 Bytes JMP 5FF38D5C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!WriteProcessMemory + 2 7C802215 5 Bytes JMP 5FF3CED8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!VirtualAllocEx 7C809B12 7 Bytes JMP 5FF3D10E C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!CreateRemoteThread 7C8104CC 10 Bytes JMP 5FF3CFF2 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!TerminateThread + 2 7C81CB3D 7 Bytes JMP 5FF38E78 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!OpenThread + 2 7C82FC0A 6 Bytes JMP 5FF3D8D4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] kernel32.dll!DebugActiveProcess + 2 7C85B0FD 8 Bytes JMP 5FF3D9F0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] USER32.dll!PostMessageW + 2 7E418CCD 6 Bytes JMP 5FF39404 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] USER32.dll!BroadcastSystemMessageW + 2 7E41E668 5 Bytes JMP 5FF3A154 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] USER32.dll!SetUserObjectSecurity + 2 7E4213B5 6 Bytes JMP 5FF3CDBC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] USER32.dll!SetWindowsHookW + 2 7E421B8C 5 Bytes JMP 5FF3D7B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] USER32.dll!BroadcastSystemMessageExW + 2 7E423656 5 Bytes JMP 5FF3A38C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Documents and Settings\The Love's\Desktop\1ucdv2ox.exe[268] USER32.dll!SendDlgItemMessageW + 2 7E4273CE 7 Bytes JMP 5FF39F1C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1000] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1000] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1000] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1000] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1000] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1000] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1000] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1000] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\basfipm.exe[1324] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\basfipm.exe[1324] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\basfipm.exe[1324] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\basfipm.exe[1324] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\basfipm.exe[1324] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\basfipm.exe[1324] kernel32.dll!ExitProcess 7C81CB12 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\basfipm.exe[1324] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\basfipm.exe[1324] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\basfipm.exe[1324] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[1460] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[1460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[1460] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[1460] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[1460] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[1460] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[1460] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[1460] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[1460] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe[1460] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!VirtualProtectEx + 2 7C801A63 10 Bytes JMP 5FF3D22B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!VirtualProtect + 2 7C801AD6 6 Bytes JMP 5FF3D347 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!TerminateProcess + 2 7C801E1C 7 Bytes JMP 5FF38D5B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!WriteProcessMemory + 2 7C802215 8 Bytes JMP 5FF3CED7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!CreateProcessA + 2 7C80236D 8 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!VirtualAllocEx 7C809B12 12 Bytes JMP 5FF3D10D C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!CreateRemoteThread 7C8104CC 10 Bytes JMP 5FF3CFF1 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!ExitProcess + 2 7C81CB14 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!TerminateThread + 2 7C81CB3D 7 Bytes JMP 5FF38E77 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!OpenThread + 2 7C82FC0A 6 Bytes JMP 5FF3D8D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] kernel32.dll!DebugActiveProcess + 2 7C85B0FD 8 Bytes JMP 5FF3D9EF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!AdjustTokenPrivileges + 2 77DDF00E 7 Bytes JMP 5FF3C4DB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!SetKernelObjectSecurity + 2 77DE4E9C 6 Bytes JMP 5FF3C82F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes [8B, FF, 90, E9, 88, 43, 15]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!QueryServiceStatus + 8 77DE6D58 4 Bytes CALL 086EFDED
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes [8B, FF, 90, E9, A3, 38, 15]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!OpenSCManagerW + 8 77DE6F5D 4 Bytes CALL 086EFFF2
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes [8B, FF, 90, E9, 6B, 3C, 15]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!OpenServiceW + 8 77DE7005 4 Bytes CALL 086F009A
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!SetFileSecurityW + 2 77DEA3E3 6 Bytes JMP 5FF3C713 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes [8B, FF, 90, E9, 48, B3, 14]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!StartServiceA + 8 77DEFB60 4 Bytes CALL 086F8BF5
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DF0CF7 6 Bytes JMP 5FF3CC9F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes [8B, FF, 90, E9, EA, 9F, 14]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!QueryServiceStatusEx + 8 77DF1212 4 Bytes CALL 086FA2A7
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes [8B, FF, 90, E9, 96, 9E, 14]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!QueryServiceConfigA + 8 77DF159E 4 Bytes CALL 086FA633
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes [8B, FF, 90, E9, 28, 71, 14]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!StartServiceW + 8 77DF3E9C 4 Bytes CALL 086FCF31
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes [8B, FF, 90, E9, 07, 69, 14]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!ControlService + 8 77DF4A11 4 Bytes CALL 086FDAA6
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes [8B, FF, 90, E9, E6, 5E, 14]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!OpenServiceA + 8 77DF4C6E 4 Bytes CALL 086FDD03
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!SetSecurityInfo + 2 77DF4DF4 6 Bytes JMP 5FF3CA67 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes [8B, FF, 90, E9, 2E, 3D, 14]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!OpenSCManagerA + 8 77DF69B6 4 Bytes CALL 086FFA4B
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes [8B, FF, 90, E9, FD, 53, 14]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!EnumServicesStatusA + 8 77DF6B4F 4 Bytes CALL 086FFBE4
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes [8B, FF, 90, E9, B6, 45, 14]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!QueryServiceConfigW + 8 77DF6F9A 4 Bytes CALL 0870002F
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!AbortSystemShutdownW + 2 77DFD45D 6 Bytes JMP 5FF3E1B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387C9 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!InitiateSystemShutdownW + 2 77E34C53 6 Bytes JMP 5FF3DD47 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!InitiateSystemShutdownExW + 2 77E34CE7 6 Bytes JMP 5FF3DF7F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes [8B, FF, 90, E9, E0, 58, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!EnumServicesStatusExW + 9 77E369C1 3 Bytes CALL 0873FA56
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes [8B, FF, 90, E9, 4D, 55, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!EnumServicesStatusExA + 8 77E36C37 4 Bytes CALL 0873FCCC
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes [8B, FF, 90, E9, C3, 5B, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!SetServiceObjectSecurity + 8 77E36D89 4 Bytes CALL 0873FE1E
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes [8B, FF, 90, E9, 6B, 4C, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!ChangeServiceConfigA + 8 77E36E71 4 Bytes CALL 0873FF06
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes [8B, FF, 90, E9, EF, 4B, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!ChangeServiceConfigW + 8 77E37009 4 Bytes CALL 0874009E
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes [8B, FF, 90, E9, 0B, 4C, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!ChangeServiceConfig2A + 8 77E37109 4 Bytes CALL 0874019E
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes [8B, FF, 90, E9, 9F, 4C, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!ChangeServiceConfig2W + 8 77E37191 4 Bytes CALL 08740226
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes [8B, FF, 90, E9, 03, 37, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!CreateServiceA + 8 77E37219 4 Bytes CALL 087402AE
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes [8B, FF, 90, E9, 87, 36, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!CreateServiceW + 8 77E373B1 4 Bytes CALL 08740446
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes [8B, FF, 90, E9, D3, 38, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!DeleteService + 8 77E374B9 4 Bytes CALL 0874054E
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes [8B, FF, 90, E9, 73, 43, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!EnumDependentServicesA + 8 77E37531 4 Bytes CALL 087405C6
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes [8B, FF, 90, E9, D7, 43, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!EnumDependentServicesW + 8 77E375E9 4 Bytes CALL 0874067E
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes [8B, FF, 90, E9, CB, 3C, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!QueryServiceConfig2A + 8 77E379A1 4 Bytes CALL 08740A36
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes [8B, FF, 90, E9, CF, 3C, 10]
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!QueryServiceConfig2W + 8 77E37AB9 4 Bytes CALL 08740B4E
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ADVAPI32.dll!EnumServicesStatusW + 2 77E37D63 8 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!PostMessageW + 2 7E418CCD 6 Bytes JMP 5FF39403 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!BroadcastSystemMessageW + 2 7E41E668 7 Bytes JMP 5FF3A153 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SetUserObjectSecurity + 2 7E4213B5 6 Bytes JMP 5FF3CDBB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SetWindowsHookW + 2 7E421B8C 8 Bytes JMP 5FF3D7B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!BroadcastSystemMessageExW + 2 7E423656 8 Bytes JMP 5FF3A38B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SendDlgItemMessageW + 2 7E4273CE 7 Bytes JMP 5FF39F1B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 5FF3963C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!PostThreadMessageA + 2 7E4277C7 8 Bytes JMP 5FF3951F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SetWindowsHookExW + 2 7E428211 8 Bytes JMP 5FF3D57F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SendMessageW + 2 7E42929C 7 Bytes JMP 5FF391CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!PostMessageA + 2 7E42AAFF 8 Bytes JMP 5FF392E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SendMessageTimeoutW + 2 7E42CDAC 8 Bytes JMP 5FF39AAB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SendNotifyMessageW + 2 7E42D651 6 Bytes JMP 5FF39CE3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SendMessageCallbackW + 2 7E42D6DD 8 Bytes JMP 5FF39873 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SendMessageA + 2 7E42F3C4 7 Bytes JMP 5FF390AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SendMessageTimeoutA + 2 7E42FB6D 8 Bytes JMP 5FF3998F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!OpenClipboard + 2 7E430279 7 Bytes JMP 5FF368BB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SetWindowsHookExA + 2 7E431213 8 Bytes JMP 5FF3D463 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SendDlgItemMessageA + 2 7E43C2E9 7 Bytes JMP 5FF39DFF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SetWindowsHookA + 2 7E43ED6B 8 Bytes JMP 5FF3D69B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SendNotifyMessageA + 2 7E45394A 6 Bytes JMP 5FF39BC7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!EndTask + 2 7E45A0A7 6 Bytes JMP 5FF38F93 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!ExitWindowsEx + 2 7E45A277 6 Bytes JMP 5FF3E2D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!BroadcastSystemMessageExA + 2 7E46AE99 8 Bytes JMP 5FF3A26F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!BroadcastSystemMessage + 2 7E46AEC0 7 Bytes JMP 5FF3A037 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] USER32.dll!SendMessageCallbackA + 2 7E46B12B 8 Bytes JMP 5FF39757 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ole32.dll!CoInitializeEx + 2 774FEF7D 8 Bytes JMP 5FF360F3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ole32.dll!CoCreateInstanceEx + 2 77500528 8 Bytes JMP 5FF3632B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ole32.dll!CoCreateInstance + 2 77500580 6 Bytes JMP 5FF3620F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ole32.dll!CoGetClassObject + 2 775156C7 8 Bytes JMP 5FF36447 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ole32.dll!CoGetInstanceFromFile + 2 775401EC 8 Bytes JMP 5FF36563 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] ole32.dll!CoGetInstanceFromIStorage + 2 77596916 8 Bytes JMP 5FF3667F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1764] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 5FF3D22B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!VirtualProtect 7C801AD4 8 Bytes JMP 5FF3D347 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!TerminateProcess 7C801E1A 9 Bytes JMP 5FF38D5B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5FF3CED7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!VirtualAllocEx 7C809B12 7 Bytes JMP 5FF3D10F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!CreateRemoteThread 7C8104CC 10 Bytes JMP 5FF3CFF3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!ExitProcess 7C81CB12 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!TerminateThread 7C81CB3B 9 Bytes JMP 5FF38E77 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!OpenThread 7C82FC08 8 Bytes JMP 5FF3D8D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] kernel32.dll!DebugActiveProcess 7C85B0FB 10 Bytes JMP 5FF3D9EF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 5FF3C4DB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!SetKernelObjectSecurity 77DE4E9A 8 Bytes JMP 5FF3C82F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0DF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A7FF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC6F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!SetFileSecurityW 77DEA3E1 8 Bytes JMP 5FF3C713 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!SetNamedSecurityInfoW 77DF0CF5 8 Bytes JMP 5FF3CC9F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B433 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B317 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB53 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!SetSecurityInfo 77DF4DF2 8 Bytes JMP 5FF3CA67 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B54F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!AbortSystemShutdownW 77DFD45B 6 Bytes JMP 5FF3E1B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 8 Bytes JMP 5FF3DD47 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 8 Bytes JMP 5FF3DF7F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C29F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C183 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD13 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE2F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA37 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9BF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B787 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ADVAPI32.dll!EnumServicesStatusW 77E37D61 7 Bytes JMP 5FF3C067 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 5FF39404 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!BroadcastSystemMessageW 7E41E666 5 Bytes JMP 5FF3A154 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SetUserObjectSecurity 7E4213B3 8 Bytes JMP 5FF3CDBB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SetWindowsHookW 7E421B8A 7 Bytes JMP 5FF3D7B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!BroadcastSystemMessageExW 7E423654 5 Bytes JMP 5FF3A38C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SendDlgItemMessageW 7E4273CC 5 Bytes JMP 5FF39F1C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 5FF3963C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 5FF39520 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SetWindowsHookExW 7E42820F 7 Bytes JMP 5FF3D57F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5FF391CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 5FF392E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SendMessageTimeoutW 7E42CDAA 7 Bytes JMP 5FF39AAB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SendNotifyMessageW 7E42D64F 8 Bytes JMP 5FF39CE3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 5FF39874 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 5FF390B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SendMessageTimeoutA 7E42FB6B 7 Bytes JMP 5FF3998F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!OpenClipboard 7E430277 5 Bytes JMP 5FF368BC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SetWindowsHookExA 7E431211 7 Bytes JMP 5FF3D463 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SendDlgItemMessageA 7E43C2E7 5 Bytes JMP 5FF39E00 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SetWindowsHookA 7E43ED69 7 Bytes JMP 5FF3D69B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SendNotifyMessageA 7E453948 8 Bytes JMP 5FF39BC7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 5FF38F94 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 5FF3E2D4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!BroadcastSystemMessageExA 7E46AE97 5 Bytes JMP 5FF3A270 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!BroadcastSystemMessage + 2 7E46AEC0 5 Bytes JMP 5FF3A038 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 5FF39758 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ole32.dll!CoInitializeEx + 2 774FEF7D 5 Bytes JMP 5FF360F4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ole32.dll!CoCreateInstanceEx + 2 77500528 5 Bytes JMP 5FF3632C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ole32.dll!CoCreateInstance 7750057E 8 Bytes JMP 5FF3620F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ole32.dll!CoGetClassObject + 2 775156C7 5 Bytes JMP 5FF36448 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ole32.dll!CoGetInstanceFromFile + 2 775401EC 5 Bytes JMP 5FF36564 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] ole32.dll!CoGetInstanceFromIStorage + 2 77596916 5 Bytes JMP 5FF36680 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\iTunes\iTunesHelper.exe[1868] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1884] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1884] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1884] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1884] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1884] kernel32.dll!ExitProcess 7C81CB12 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1884] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1884] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1884] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1884] SHELL32.dll!SHCreateProcessAsUserW 7CAC94BC 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1948] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1948] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1948] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1948] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1948] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1948] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1948] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1948] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[1948] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 5FF3D22C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 5FF3D348 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!TerminateProcess 7C801E1A 5 Bytes JMP 5FF38D5C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 5FF3CED8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!VirtualAllocEx 7C809B12 7 Bytes JMP 5FF3D110 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 5FF3CFF4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 5FF38E78 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!OpenThread 7C82FC08 5 Bytes JMP 5FF3D8D4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] kernel32.dll!DebugActiveProcess 7C85B0FB 5 Bytes JMP 5FF3D9F0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 5FF39404 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!BroadcastSystemMessageW + 2 7E41E668 7 Bytes JMP 5FF3A153 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SetUserObjectSecurity 7E4213B3 5 Bytes JMP 5FF3CDBC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SetWindowsHookW 7E421B8A 5 Bytes JMP 5FF3D7B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!BroadcastSystemMessageExW + 2 7E423656 8 Bytes JMP 5FF3A38B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SendDlgItemMessageW 7E4273CC 5 Bytes JMP 5FF39F1C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!PostThreadMessageW 7E4277B8 5 Bytes JMP 5FF3963C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!PostThreadMessageA 7E4277C5 5 Bytes JMP 5FF39520 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 5FF3D580 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SendMessageW 7E42929A 5 Bytes JMP 5FF391CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 5FF392E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SendMessageTimeoutW 7E42CDAA 5 Bytes JMP 5FF39AAC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SendNotifyMessageW 7E42D64F 5 Bytes JMP 5FF39CE4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SendMessageCallbackW 7E42D6DB 5 Bytes JMP 5FF39874 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SendMessageA 7E42F3C2 5 Bytes JMP 5FF390B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SendMessageTimeoutA 7E42FB6B 5 Bytes JMP 5FF39990 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!OpenClipboard + 2 7E430279 7 Bytes JMP 5FF368BB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 5FF3D464 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SendDlgItemMessageA 7E43C2E7 5 Bytes JMP 5FF39E00 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SetWindowsHookA 7E43ED69 5 Bytes JMP 5FF3D69C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SendNotifyMessageA 7E453948 5 Bytes JMP 5FF39BC8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!EndTask + 2 7E45A0A7 6 Bytes JMP 5FF38F93 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!ExitWindowsEx + 2 7E45A277 6 Bytes JMP 5FF3E2D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!BroadcastSystemMessageExA + 2 7E46AE99 8 Bytes JMP 5FF3A26F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!BroadcastSystemMessage + 2 7E46AEC0 7 Bytes JMP 5FF3A037 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] USER32.dll!SendMessageCallbackA 7E46B129 5 Bytes JMP 5FF39758 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!AdjustTokenPrivileges + 2 77DDF00E 7 Bytes JMP 5FF3C4DB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!SetKernelObjectSecurity 77DE4E9A 5 Bytes JMP 5FF3C830 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0E0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A800 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC70 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!SetFileSecurityW 77DEA3E1 5 Bytes JMP 5FF3C714 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!SetNamedSecurityInfoW 77DF0CF5 5 Bytes JMP 5FF3CCA0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B434 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B318 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB54 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!SetSecurityInfo 77DF4DF2 5 Bytes JMP 5FF3CA68 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B550 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!AbortSystemShutdownW + 2 77DFD45D 6 Bytes JMP 5FF3E1B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 5 Bytes JMP 5FF3DD48 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 5 Bytes JMP 5FF3DF80 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C2A0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C184 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes [8B, FF, 90, E9, 6B, 4C, 10]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!ChangeServiceConfigA + 8 77E36E71 4 Bytes CALL 0873FF06
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes [8B, FF, 90, E9, 0B, 4C, 10]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!ChangeServiceConfig2A + 8 77E37109 4 Bytes CALL 0874019E
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes [8B, FF, 90, E9, 9F, 4C, 10]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!ChangeServiceConfig2W + 8 77E37191 4 Bytes CALL 08740226
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA38 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9C0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B788 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94BE 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ole32.dll!CoInitializeEx + 2 774FEF7D 8 Bytes JMP 5FF360F3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ole32.dll!CoCreateInstanceEx + 2 77500528 5 Bytes JMP 5FF3632C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ole32.dll!CoCreateInstance + 2 77500580 1 Byte [E9]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ole32.dll!CoCreateInstance + 2 77500580 6 Bytes JMP 5FF36210 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ole32.dll!CoGetClassObject + 2 775156C7 8 Bytes JMP 5FF36447 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ole32.dll!CoGetInstanceFromFile + 2 775401EC 8 Bytes JMP 5FF36563 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2264] ole32.dll!CoGetInstanceFromIStorage + 2 77596916 8 Bytes JMP 5FF3667F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\System32\alg.exe[2600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)




#5 rglove


Posted 08 July 2010 - 08:22 PM

2nd part of gmer.log attached




#6 rglove


Posted 08 July 2010 - 08:23 PM

3rd and final part of gmer.log

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9DA1830] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisClOpenAddressFamily] [B9D9FEA0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisMSetAttributesEx] [B9DA22F0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9DA1DB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisInitializeWrapper] [B9DA1EB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCoSendComplete] [B9DA0450] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMSetAttributesEx] [B9DA22F0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [B9D9FFE0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMRegisterMiniport] [B9DA2920] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisTerminateWrapper] [B9DA2500] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9DA1F60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9DA1DB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9DA1830] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCmRegisterAddressFamily] [B9D9FF40] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisClOpenAddressFamily] [B9D9FEA0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9DA1DB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9DA1830] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9DA1F60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisReturnPackets] [B9DA0F30] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisReturnPackets] [B9DA0F30] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9DA1F60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9DA1830] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9DA1DB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisReturnPackets] [B9DA0F30] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9DA1F60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9DA1DB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9DA1830] kmxstart.sys (HIPS Core Driver/CA)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[2628] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CA2E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CA2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CA2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CA2C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] [5FF3D464] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3CCA0] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2672] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [5FF38A04] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00972E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00972C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00972C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00972C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3CCA0] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] [5FF3D464] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\wscntfy.exe[2700] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01162E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01162C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01162C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01162C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] [5FF3D464] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3CCA0] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [5FF38A04] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\RoadRunner\SafeStorage\Online-Backup.exe[2816] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B22E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B22C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B22C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B22C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3CCA0] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] [5FF3D464] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\Brmfcmon\BrMfimon.exe[2944] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BE2E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BE2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BE2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BE2C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] [5FF3D464] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3CCA0] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [5FF38A04] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[3028] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AF2E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AF2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AF2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AF2C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3CCA0] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] [5FF3D464] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\DrvMon.exe[3112] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CC2E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CC2C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CC2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CC2C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetNamedSecurityInfoW] [5FF3CCA0] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!OpenThread] [5FF3D8D4] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] [5FF3D464] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] [5FF3D580] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!AdjustTokenPrivileges] [5FF3C4DC] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [5FF388E8] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\Program Files\CA\CA Internet Security Suite\casc.exe[3176] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [5FF3C714] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
IAT C:\WINDOWS\system32\ctfmon.exe[3312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B72E70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B72C30] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B72C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3312] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B72C40] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3312] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualProtect] [5FF3D348] C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Modem \Device\00000086 kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\IPMULTICAST kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\AFD \Device\Afd KmxCF.sys (HIPS Content Filter Driver/CA)
Device \FileSystem\Fastfat \Fat ACC2BD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) PRAGMAdnnqvcdxrr <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAdnnqvcdxrr
Reg HKLM\SYSTEM\ControlSet002\Services\PRAGMAdnnqvcdxrr (not active ControlSet)

---- EOF - GMER 1.0.15 ----


#7 Elise

Posted 09 July 2010 - 04:29 AM

Hello again,

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#8 rglove


Posted 11 July 2010 - 02:17 PM

thank you for the info..in this case I will re-format

#9 Elise


Posted 11 July 2010 - 02:33 PM

That is indeed the safest procedure.

Please let me know if you need any help with that or if this topic can be closed.

regards, Elise


#10 rglove


Posted 12 July 2010 - 08:50 PM

I have reformatted..thanks for the help.. you can close this ticket
Rodney

#11 Elise


Posted 13 July 2010 - 02:53 AM

Since this issue is resolved, this topic will now be closed.

regards, Elise